Fedora IcedTea packages
Thomas Fitzsimmons
fitzsim at redhat.com
Mon Jun 18 08:34:29 PDT 2007
Matej Cepl wrote:
> On 2007-06-13, 23:03 GMT, Thomas Fitzsimmons wrote:
>> I uploaded a .nosrc.rpm that can be used to build IcedTea
>> packages on Fedora 7:
>
> Trying to compile that on Fedora 7 and got one beautiful SELinux
> AVC denial:
>
> Summary
> SELinux is preventing
> /home/matej/redhat/BUILD/icedtea-1.0/openjdk/control\
> /build/linux-i586/bin/java from loading
> /home/matej/redhat/BUILD/icedtea-1.0\
> /openjdk/control/build/linux-i586/lib/i386/client/libjvm.so
> which requires text relocation.
>
> Raw Audit Messages
>
> avc: denied { execmod } for comm="java" dev=dm-4 egid=500
> euid=500
> exe="/home/matej/redhat/BUILD/icedtea-1.0/openjdk/control/build/linux-i586/bin/java"
> exit=0
> fsgid=500 fsuid=500 gid=500 items=0 name="libjvm.so"
> path="/home/matej/redhat/BU
> ILD/icedtea-1.0/openjdk/control/build/linux-i586/lib/i386/client/libjvm.so"
> pid=10091 scontext=user_u:system_r:unconfined_t:s0 sgid=500
> subj=user_u:system_r:unconfined_t:s0 suid=500 tclass=file
> tcontext=user_u:object_r:user_home_t:s0 tty=pts1 uid=500
>
> Any thoughts on this?
Yes, I've attached a patch that fixes this. You can add it to
java-1.7.0-icedtea.spec for now, and it will be in the next IcedTea release.
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icedtea-text-relocations.patch
Type: text/x-patch
Size: 648 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20070618/af98fc70/icedtea-text-relocations.patch
More information about the distro-pkg-dev
mailing list